Intrigue grows with new Kaspersky revelations

Intrigue grows with new Kaspersky revelations
© Getty

The intrigue surrounding Moscow-based Kaspersky Lab is deepening after reports that the company’s software may have aided Russian spying operations against the United States.

The Wall Street Journal reported last week that Russian government hackers stole classified information on National Security Agency (NSA) methods from a contractor’s computer in 2015 by exploiting Kaspersky antivirus software.

On Tuesday, The New York Times reported that Israeli intelligence officers alerted the U.S. that Russian agents were broadly utilizing Kaspersky software to search for American secrets.

ADVERTISEMENT
The revelations triggered worry in Washington and arrived ahead of a key hearing on Capitol Hill in which lawmakers are expected to explore the possible risks posed by Kaspersky software to U.S. information systems.

The House Science, Space and Technology Committee, led by Rep. Lamar Smith (R-Texas), is planning to hold a series of hearings on Kaspersky software beginning Oct. 25.

“The Committee’s future hearings will determine what led the previous administration to include Kaspersky products on the government-approved purchasing schedule, how much risk Kaspersky’s compromised products exposed the federal government to, and how the cybersecurity framework should be adjusted to prevent future intrusions,” Smith told The Hill.

It is unclear whether the company had knowledge of the incidents, which Kaspersky has denied any involvement in.

“Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question,” the company said in a statement.

“Kaspersky Lab reiterates its willingness to work alongside U.S. authorities to address any concerns they may have about its products as well as its systems, and respectfully requests any relevant, verifiable information that would help the company in its own investigation to certifiably refute the false accusations,” the company said.

Kaspersky is a multinational company with headquarters in Moscow that serves 400 million customers worldwide. But the company has attracted scrutiny in the wake of Russia’s interference in the 2016 U.S. presidential election, which involved hacking into emails of top Democratic officials and targeting state electoral systems. The company has long maintained it has no ties to the Kremlin.

The company was thrust further into the spotlight in September when the Department of Homeland Security (DHS) barred federal agencies and departments from using Kaspersky software on their systems, citing potential risks to national security.

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” DHS said on Sept. 13.

The extent to which Kaspersky is used across the federal government has not been publicly disclosed. A former government source said that DHS likely could not ascertain at what scale Kaspersky software was being used on federal networks, prompting the department to issue the directive.

According to the New York Times, the revelation that Russia was leveraging Kaspersky software to search for sensitive U.S. information prompted DHS to issue the federal ban. Israel is said to have detected the spying effort more than two years ago when intelligence officials hacked into Kaspersky’s network.

“Since various U.S. government agencies, including the Department of Defense, have used Kaspersky products, it’s safe to assume that Moscow has a ton of our information, including classified. This was a serious mistake,” said John Schindler, a former NSA analyst.

The administration’s decision to restrict Kaspersky products was applauded by lawmakers from both parties.

Sen. Jeanne ShaheenCynthia (Jeanne) Jeanne ShaheenQuestions loom over Franken ethics probe State Dept. spokeswoman acknowledges 'morale issue' Democrats scramble to contain Franken fallout  MORE (D-N.H.), for instance, has pushed for language in annual defense policy legislation to ban federal bodies from using Kaspersky, which would effectively codify the DHS ban into law.

On Wednesday, Shaheen called on the federal government to expedite efforts to rid federal systems of Kaspersky software and demanded the Senate Armed Services Committee immediately schedule a hearing on recent reports.

However, the Kaspersky directive has drawn pushback from some in the private cybersecurity community, who have challenged DHS to produce evidence bolstering its claims.

Moreover, a top Interpol officer this week characterized the Trump administration’s actions against Kaspersky as “Balkanization” that could hamper international efforts to combat cyber crime in comments to Reuters.

Kaspersky has long fought allegations of ties to Russian intelligence, and has said that it will submit a written statement to DHS addressing the concerns spelled out in the directive.

Eugene Kaspersky, the company’s CEO, also initially accepted an invitation to testify before the House Science, Space and Technology Committee to address the allegations. However, a committee aide said Wednesday that Kaspersky has not been invited to testify at the Oct. 25 hearing.

It is unclear how many witnesses there will be, or who will be called to testify. A committee aide said that the original witness list will change.